IIS Server Security - IIS 6.0 bombs - ADSI Security :(

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > November 2004 > IIS 6.0 bombs - ADSI Security :(





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author IIS 6.0 bombs - ADSI Security :(
Eskimo

2004-11-10, 5:50 pm

Server Error in '/SetupNewUser' Application.
--------------------------------------------------------------------------------

Server was unable to process request. --> CreateNewUser Exception:
System.Exception: Exception: System.Exception: Exception:
System.UnauthorizedAccessException: Access is denied. at
System.DirectoryServices.Interop.IAds.SetInfo() at
System.DirectoryServices.DirectoryEntry.CommitChanges() at
CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
winAcctId, String winAcctPwd) at
CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
winAcctId, String winAcctPwd) at
CreateVirtualDirectories.Bll.VirtualDirectoryBLL.CreateWeb(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
FileName, String PathToCopyFrom, String sWinAcctId, String sWinAcctPwd) at
CreateUsersWebService.CreateUsersWS.CreateWeb(String VirtualDirectoryName,
String sClientName) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 147 at
CreateUsersWebService.CreateUsersWS.CreateWeb(String VirtualDirectoryName,
String sClientName) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 208 at
CreateUsersWebService.CreateUsersWS.CreateNewUser(String sUser, String
sPassWord, String sClient) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 374
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.

Exception Details: System.Web.Services.Protocols.SoapException: Server was
unable to process request. --> CreateNewUser Exception: System.Exception:
Exception: System.Exception: Exception: System.UnauthorizedAccessException:
Access is denied. at System.DirectoryServices.Interop.IAds.SetInfo() at
System.DirectoryServices.DirectoryEntry.CommitChanges() at
CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
winAcctId, String winAcctPwd) at
CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
winAcctId, String winAcctPwd) at
CreateVirtualDirectories.Bll.VirtualDirectoryBLL.CreateWeb(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
FileName, String PathToCopyFrom, String sWinAcctId, String sWinAcctPwd) at
CreateUsersWebService.CreateUsersWS.CreateWeb(String VirtualDirectoryName,
String sClientName) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 147 at
CreateUsersWebService.CreateUsersWS.CreateWeb(String VirtualDirectoryName,
String sClientName) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 208 at
CreateUsersWebService.CreateUsersWS.CreateNewUser(String sUser, String
sPassWord, String sClient) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 374

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:


[SoapException: Server was unable to process request. --> CreateNewUser
Exception:
System.Exception: Exception:
System.Exception: Exception:
System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at
CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
winAcctId, String winAcctPwd)

at
CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
winAcctId, String winAcctPwd)
at
CreateVirtualDirectories.Bll.VirtualDirectoryBLL.CreateWeb(VirtualDirectoryParameters
aVirtualDirectoryParameters, VirtualDirectoryPermissions
aVirtualDirectoryPermissions, Boolean bTieNameToPath, Boolean bUseRootFolder,
String strRootFolder, String strFtpUserFolder, String strPathAlias, String
FileName, String PathToCopyFrom, String sWinAcctId, String sWinAcctPwd)
at CreateUsersWebService.CreateUsersWS.CreateWeb(String
VirtualDirectoryName, String sClientName) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 147

at CreateUsersWebService.CreateUsersWS.CreateWeb(String
VirtualDirectoryName, String sClientName) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 208
at CreateUsersWebService.CreateUsersWS.CreateNewUser(String sUser, String
sPassWord, String sClient) in
c:\inetpub\wwwroot\CreateUsersWebService
\CreateUsersWS.asmx.cs:line 374
]

System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall) +1496
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) +218
SetupNewUser.WSCreateUsers.CreateUsersWS.CreateNewUser(String sUser,
String sPassWord, String sClient)
SetupNewUser.wfSetupNewUser.cmdCreateUser_Click(Object sender, EventArgs e)
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108

System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page. RaisePostBackEvent(IPostBackEventHandler

sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain() +1273




--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET
Version:1.1.4322.2032

--

What am I doing? Web Page (.aspx) -> Web Service (.asmx) -> DLL Project (.dll)
to create in IIS virtual directories to c:\temp, etc.

Why does this work for a windows app? and not a web page/service?

--
tym, Eskimo
Tom Kaminski [MVP]

2004-11-11, 7:47 am

"Eskimo" wrote:
> What am I doing? Web Page (.aspx) -> Web Service (.asmx) -> DLL Project (.dll)
> to create in IIS virtual directories to c:\temp, etc.
>
> Why does this work for a windows app? and not a web page/service?

Most likely because of permissions. The web page/service is not running in
the context of a user that has permissions to do this. When you run the
windows app, it's running under the context of your logon (which I'm assuming
has admin privileges).
Eskimo

2004-11-11, 5:52 pm

Any suggestions?

User Logged in as: NT AUTHORITY\NETWORK SERVICE

I turned on basic authentication on the web page calling the web service
and this is what it shows as the current identity (even if I login as a
domain user):

sLogin =
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();

Any way to change it to impersonate, say a local admin, for the
System.Security.Principal? I tried in web.config
the following:
<identity impersonate="true" />
<identity impersonate="true" userName="validLoginId"
password="validPassWord" />

I even set the machine.config to use SYSTEM in the processModel settings.

I also defined a local CustomASPNET with less privileges than local admin
and set machine.config to that user id...

I also tried a domain account in machine.config

;(

"Tom Kaminski [MVP]" wrote:

> "Eskimo" wrote:
>
> Most likely because of permissions. The web page/service is not running in
> the context of a user that has permissions to do this. When you run the
> windows app, it's running under the context of your logon (which I'm assuming
> has admin privileges).
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com